Primary

Context

Android Intent Resolver ChooserActivity Cross-Profile Privilege Escalation Vulnerability

Vulnerability

A vulnerability has been identified in the Android Intent Resolver module, specifically within the ChooserActivity. The issue arises from improper input validation, allowing an app to launch the ChooserActivity in a different profile. This flaw could lead to local escalation of privilege, with no additional execution privileges required. Exploitation of this vulnerability does not necessitate user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user or application to gain elevated rights or access within the system.

Remediation

Users can update their devices to the September 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 7:34 PM

Updated: Sep 4, 2025, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Intent Resolver ChooserActivity Cross-Profile Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating